Share this article
Australia’s CEOs know that data can help achieve growth and secure public trust. Yet many CEOs lack confidence in their organisations’ data management capability, and remain over-exposed to cyber security threats.
Despite its undeniable upsides, the speed of technology change continues to be seen as an obstacle to growth by Australia’s CEOs. An average of 72% of local CEOs have identified this as a concern over the past five years.
Furthermore, CEOs see technology as more socially divisive than unifying. 60% of local CEOs (compared to 43% of global peers) say that the internet (including social media) will increasingly be seen as a platform that potentially divides people, spreads misinformation and facilitates political manipulation.
Nearly one in two local (43%) and half of global (50%) CEOs are concerned about misinformation (or a lack of diverse discourse). Increased divisions and consumer distrust means that organisations that control (or have access to) consumer data must treat that information both legally and ethically. CEOs must not only ask, ‘What can we do?’ but also, ‘What should we do?’
Organisations that responsibly manage data invariably engender trust among consumers. New data protection regulations (and the indirect impacts of the GDPR) have elevated expectations from consumers around how their data is managed. Regulators have also stepped up scrutiny of how organisations manage and meet their data and privacy obligations.
Data has become an invaluable asset for organisations. Our latest Digital Insights Survey shows that organisations that do not have a formal process for identifying and valuing their data assets are in the minority. 72% of respondents said their organisation has established a data management process. Respondents said their primary objective for investing in data management was to deliver value to customers.
When local CEOs were asked to name the factor most likely to enable their strategic goals, their top pick (31%) was a ‘clear vision of how value is created for customers’. Clearly, in today’s customer-led world, data has become central to that vision.
Last year’s survey showed that almost all local CEOs (95%) believed that their organisations’ long-term success and durability would rest upon better use of customer and client data. However, only 7% believed their customer data was sufficiently comprehensive to enable this.
The disconnect between the desire to better use data and the lack of confidence in data quality is hampering business leaders’ ambitions. So too are concerns regarding organisations' abilities to protect data integrity, manage privacy risks, and prevent theft or leaks.
The results of the most recent Global Consumer Insights Survey suggest that now is the time for organisations to move beyond a ‘data strategy’ towards a ‘data trust strategy’. For example, more progressive organisations are looking at algorithms, and supporting checks and balances, that will monitor and check that artificial intelligence is being used responsibly and ethically in the management of sensitive data.
Cyber security risks continue to be the greatest threat to business growth, according to Australia’s CEOs. Over the past five years, Australia’s CEOs have been consistently more concerned about cyber security undermining growth than their global peers (a five year average 83% of local CEOs, compared to 69% of global peers).
While strides have been made to tackle cyber security issues, threats still loom in the minds of local CEOs. This year, 85% pointed to cyber security as a greater threat to growth than any other concerns, including uncertain economic growth, regulatory burdens and the availability of key skills in the workforce.
Growing public concern over data privacy is one of the chief factors (59%) influencing local cyber security strategies. Australia’s CEOs are keenly aware of the commercial, financial and legal consequences when data privacy incidents occur.
There is also no doubt that cyber attacks continue to increase in sophistication, complexity and frequency. 84% of local CEOs identify the increasing complexity of cyber security threats as the most influential factor shaping cyber security strategies.
However, too often organisations are only reactive, lacking the proactive elements required for a truly comprehensive strategy. Instead of responding only to address their most recent cyber security incident, organisations must take a strategic approach to anticipate future threats too.
Local organisations must become comfortable operating in increasingly complex environments where business and technology are entwined and risks are embedded into all strategies. There is no room for complacency and managing cyber security threats must now (regrettably) be part of business-as-usual.
Often organisations approach cyber security threats from a security perspective, rather than a risk perspective. However, it’s vital to understand and quantify cyber security risks, and to effectively manage and govern them.
This year’s CEO survey once again underlined that technology solutions alone will not be enough to stay ahead of cyber security threats. Instead, a comprehensive approach must incorporate the whole organisation, including technology, people, process, third-party management, governance, auditing, reporting, and more.
Over and above all emerging technology (including AI, 5G, Internet of Things, autonomous vehicles, and augmented and virtual reality), both local and global CEOs identified cyber security and digital privacy as the top two priorities for collaboration.
This is unsurprising considering the emphasis placed on cyber security threats. However, CEOs indicate that there is insufficient collaboration between businesses, and between business and government. There are clear benefits to risk intelligence sharing but competitive environments and a lack of safe avenues to share information appear to be hampering this.
Stakeholders from across public and private business, government, academia and industry must share approaches and examples to help combat cyber security threats. Real-time intelligence sharing across government and business is likely to deliver material benefits. Unfortunately, the details of an incident within one organisation are often not shared quickly or effectively enough to benefit other organisations or wider industries.
Furthermore, only a third of local CEOs believe that they are seeing effective changes in policies and regulations in areas such as:
Collaboration among governments and businesses to drive increased harmonisation of cyber security strategies (31%)
Cooperation among governments and businesses to manage cross-border data flows (31%)
Governments designing privacy regulations that both increase consumer trust and maintain business competitiveness (32%).
Effective cyber security strategies also require collaboration in areas such as supply chains. The more organisations digitise, the more vulnerable to attack they become. Although many are improving internal cyber security, threats remain within third-party supply chains (often hidden through a complex array of third-party arrangements). This is clearly the weakest area of cyber security management, with one in two local CEOs identifying vulnerabilities in supply chains and business partners (51%) as a key factor impacting their cyber security strategies.
Cyber security threats that use ‘backdoor’ access to an organisation through a supplier or business partner are common. Organisations therefore need a clear understanding of who they are doing business with, where the cyber security risks lie, and how suppliers and business partners have protected themselves.
adopt leading practice in ethically and legally responsible data use and handling to build trust with consumers
conduct an annual external cyber and privacy benchmark review to ascertain maturity and relative exposure, benchmarked with peers – and proactively manage and govern any risks
take a quantitative, not just qualitative, analysis of cyber security and privacy risks to understand the true commercial, financial and legal impacts
effectively report on cyber security incidents and seek to learn from these events, implementing learnings in proactive/preventative strategies
advocate for increased collaboration with governments, industry and peers around cyber security strategies and work closely with supply chains and business partners to identify and manage risk.